Minutes From Meeting Today

[David Strauss]

Recordon, David wrote:
> - Recommends SSL in certain areas

My main concern is how the current spec treats
http://getopenid.com/david and https://getopenid.com/david as different
identities. While I understand how there *could* be exceptions, I think
both should be treated the same so users can gracefully move to using
SSL identity pages. I think the lack of SSL-signed identity pages is a
major weakness in OpenID that allows spoofing to direct authentication
to a rogue server.

--
David Strauss
Four Kitchen Studios, LLC
GetOpenID.com